inspec-core 4.3.2 → 4.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +139 -140
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
@@ -1,5 +1,5 @@
|
|
1
|
-
|
2
|
-
|
1
|
+
require_relative "base"
|
2
|
+
require "inspec/dist"
|
3
3
|
|
4
4
|
#
|
5
5
|
# Notes:
|
@@ -73,39 +73,41 @@ require_relative 'base'
|
|
73
73
|
module InspecPlugins
|
74
74
|
module Artifact
|
75
75
|
class CLI < Inspec.plugin(2, :cli_command)
|
76
|
-
|
76
|
+
include Inspec::Dist
|
77
77
|
|
78
|
-
|
78
|
+
subcommand_desc "artifact SUBCOMMAND", "Manage #{PRODUCT_NAME} Artifacts"
|
79
|
+
|
80
|
+
desc "generate", "Generate a RSA key pair for signing and verification"
|
79
81
|
option :keyname, type: :string, required: true,
|
80
|
-
desc:
|
81
|
-
option :keydir, type: :string, default:
|
82
|
-
desc:
|
82
|
+
desc: "Desriptive name of key"
|
83
|
+
option :keydir, type: :string, default: "./",
|
84
|
+
desc: "Directory to search for keys"
|
83
85
|
def generate_keys
|
84
|
-
puts
|
86
|
+
puts "Generating keys"
|
85
87
|
InspecPlugins::Artifact::Base.keygen(options)
|
86
88
|
end
|
87
89
|
|
88
|
-
desc
|
90
|
+
desc "sign-profile", "Create a signed .iaf artifact"
|
89
91
|
option :profile, type: :string, required: true,
|
90
|
-
desc:
|
92
|
+
desc: "Path to profile directory"
|
91
93
|
option :keyname, type: :string, required: true,
|
92
|
-
desc:
|
94
|
+
desc: "Desriptive name of key"
|
93
95
|
def sign_profile
|
94
96
|
InspecPlugins::Artifact::Base.profile_sign(options)
|
95
97
|
end
|
96
98
|
|
97
|
-
desc
|
99
|
+
desc "verify-profile", "Verify a signed .iaf artifact"
|
98
100
|
option :infile, type: :string, required: true,
|
99
|
-
desc:
|
101
|
+
desc: ".iaf file to verify"
|
100
102
|
def verify_profile
|
101
103
|
InspecPlugins::Artifact::Base.profile_verify(options)
|
102
104
|
end
|
103
105
|
|
104
|
-
desc
|
106
|
+
desc "install-profile", "Verify and install a signed .iaf artifact"
|
105
107
|
option :infile, type: :string, required: true,
|
106
|
-
desc:
|
108
|
+
desc: ".iaf file to install"
|
107
109
|
option :destdir, type: :string, required: true,
|
108
|
-
desc:
|
110
|
+
desc: "Installation directory"
|
109
111
|
def install_profile
|
110
112
|
InspecPlugins::Artifact::Base.profile_install(options)
|
111
113
|
end
|
@@ -1,14 +1,13 @@
|
|
1
|
-
|
1
|
+
require "net/http"
|
2
|
+
require "uri"
|
3
|
+
require "json"
|
4
|
+
require "inspec/dist"
|
2
5
|
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
require_relative
|
8
|
-
require_relative 'configuration'
|
9
|
-
require_relative 'http'
|
10
|
-
require_relative 'target'
|
11
|
-
require_relative 'support'
|
6
|
+
require_relative "api/login"
|
7
|
+
require_relative "configuration"
|
8
|
+
require_relative "http"
|
9
|
+
require_relative "target"
|
10
|
+
require_relative "support"
|
12
11
|
|
13
12
|
module InspecPlugins
|
14
13
|
module Compliance
|
@@ -17,13 +16,14 @@ module InspecPlugins
|
|
17
16
|
# API Implementation does not hold any state by itself,
|
18
17
|
# everything will be stored in local Configuration store
|
19
18
|
class API
|
19
|
+
include Inspec::Dist
|
20
20
|
extend InspecPlugins::Compliance::API::Login
|
21
21
|
|
22
22
|
# return all compliance profiles available for the user
|
23
23
|
# the user is either specified in the options hash or by default
|
24
24
|
# the username of the account is used that is logged in
|
25
25
|
def self.profiles(config, profile_filter = nil) # rubocop:disable PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/MethodLength
|
26
|
-
owner = config[
|
26
|
+
owner = config["owner"] || config["user"]
|
27
27
|
|
28
28
|
# Chef Compliance
|
29
29
|
if is_compliance_server?(config)
|
@@ -47,43 +47,43 @@ module InspecPlugins
|
|
47
47
|
|
48
48
|
if is_automate2_server?(config)
|
49
49
|
body = { owner: owner, name: id }.to_json
|
50
|
-
response = InspecPlugins::Compliance::HTTP.post_with_headers(url, headers, body, config[
|
50
|
+
response = InspecPlugins::Compliance::HTTP.post_with_headers(url, headers, body, config["insecure"])
|
51
51
|
else
|
52
|
-
response = InspecPlugins::Compliance::HTTP.get(url, headers, config[
|
52
|
+
response = InspecPlugins::Compliance::HTTP.get(url, headers, config["insecure"])
|
53
53
|
end
|
54
54
|
data = response.body
|
55
55
|
response_code = response.code
|
56
56
|
case response_code
|
57
|
-
when
|
58
|
-
msg =
|
57
|
+
when "200"
|
58
|
+
msg = "success"
|
59
59
|
profiles = JSON.parse(data)
|
60
60
|
# iterate over profiles
|
61
61
|
if is_compliance_server?(config)
|
62
62
|
mapped_profiles = []
|
63
|
-
profiles.values.each
|
63
|
+
profiles.values.each do |org|
|
64
64
|
mapped_profiles += org.values
|
65
|
-
|
65
|
+
end
|
66
66
|
# Chef Automate pre 0.8.0
|
67
67
|
elsif is_automate_server_pre_080?(config)
|
68
68
|
mapped_profiles = profiles.values.flatten
|
69
69
|
elsif is_automate2_server?(config)
|
70
70
|
mapped_profiles = []
|
71
|
-
profiles[
|
71
|
+
profiles["profiles"].each do |p|
|
72
72
|
mapped_profiles << p
|
73
|
-
|
73
|
+
end
|
74
74
|
else
|
75
|
-
mapped_profiles = profiles.map
|
76
|
-
e[
|
75
|
+
mapped_profiles = profiles.map do |e|
|
76
|
+
e["owner_id"] = owner
|
77
77
|
e
|
78
|
-
|
78
|
+
end
|
79
79
|
end
|
80
80
|
# filter by name and version if they were specified in profile_filter
|
81
81
|
mapped_profiles.select! do |p|
|
82
|
-
(!ver || p[
|
82
|
+
(!ver || p["version"] == ver) && (!id || p["name"] == id)
|
83
83
|
end
|
84
84
|
return msg, mapped_profiles
|
85
|
-
when
|
86
|
-
msg =
|
85
|
+
when "401"
|
86
|
+
msg = "401 Unauthorized. Please check your token."
|
87
87
|
return msg, []
|
88
88
|
else
|
89
89
|
msg = "An unexpected error occurred (HTTP #{response_code}): #{response.message}"
|
@@ -95,20 +95,20 @@ module InspecPlugins
|
|
95
95
|
# NB this method does not use Compliance::Configuration to allow for using
|
96
96
|
# it before we know the version (e.g. oidc or not)
|
97
97
|
def self.version(config)
|
98
|
-
url = config[
|
99
|
-
insecure = config[
|
98
|
+
url = config["server"]
|
99
|
+
insecure = config["insecure"]
|
100
100
|
|
101
101
|
raise ServerConfigurationMissing if url.nil?
|
102
102
|
|
103
103
|
headers = get_headers(config)
|
104
|
-
response = InspecPlugins::Compliance::HTTP.get(url+
|
105
|
-
return {} if response.code ==
|
104
|
+
response = InspecPlugins::Compliance::HTTP.get(url + "/version", headers, insecure)
|
105
|
+
return {} if response.code == "404"
|
106
106
|
|
107
107
|
data = response.body
|
108
108
|
return {} if data.nil? || data.empty?
|
109
109
|
|
110
110
|
parsed = JSON.parse(data)
|
111
|
-
return {} unless parsed.key?(
|
111
|
+
return {} unless parsed.key?("version") && !parsed["version"].empty?
|
112
112
|
|
113
113
|
parsed
|
114
114
|
end
|
@@ -135,9 +135,9 @@ module InspecPlugins
|
|
135
135
|
|
136
136
|
headers = get_headers(config)
|
137
137
|
if is_automate2_server?(config)
|
138
|
-
res = InspecPlugins::Compliance::HTTP.post_multipart_file(url, headers, archive_path, config[
|
138
|
+
res = InspecPlugins::Compliance::HTTP.post_multipart_file(url, headers, archive_path, config["insecure"])
|
139
139
|
else
|
140
|
-
res = InspecPlugins::Compliance::HTTP.post_file(url, headers, archive_path, config[
|
140
|
+
res = InspecPlugins::Compliance::HTTP.post_file(url, headers, archive_path, config["insecure"])
|
141
141
|
end
|
142
142
|
|
143
143
|
[res.is_a?(Net::HTTPSuccess), res.body]
|
@@ -151,11 +151,11 @@ module InspecPlugins
|
|
151
151
|
access_token = nil
|
152
152
|
response = InspecPlugins::Compliance::HTTP.send_request(uri, req, insecure)
|
153
153
|
data = response.body
|
154
|
-
if response.code ==
|
154
|
+
if response.code == "200"
|
155
155
|
begin
|
156
156
|
tokendata = JSON.parse(data)
|
157
|
-
access_token = tokendata[
|
158
|
-
msg =
|
157
|
+
access_token = tokendata["access_token"]
|
158
|
+
msg = "Successfully fetched API access token"
|
159
159
|
success = true
|
160
160
|
rescue JSON::ParserError => e
|
161
161
|
success = false
|
@@ -178,9 +178,9 @@ module InspecPlugins
|
|
178
178
|
access_token = nil
|
179
179
|
response = InspecPlugins::Compliance::HTTP.send_request(uri, req, insecure)
|
180
180
|
data = response.body
|
181
|
-
if response.code ==
|
181
|
+
if response.code == "200"
|
182
182
|
access_token = data
|
183
|
-
msg =
|
183
|
+
msg = "Successfully fetched an API access token valid for 12 hours"
|
184
184
|
success = true
|
185
185
|
else
|
186
186
|
success = false
|
@@ -194,22 +194,22 @@ module InspecPlugins
|
|
194
194
|
def self.get_headers(config)
|
195
195
|
token = get_token(config)
|
196
196
|
if is_automate_server?(config) || is_automate2_server?(config)
|
197
|
-
headers = {
|
198
|
-
if config[
|
199
|
-
headers[
|
197
|
+
headers = { "chef-delivery-enterprise" => config["automate"]["ent"] }
|
198
|
+
if config["automate"]["token_type"] == "dctoken"
|
199
|
+
headers["x-data-collector-token"] = token
|
200
200
|
else
|
201
|
-
headers[
|
202
|
-
headers[
|
201
|
+
headers["chef-delivery-user"] = config["user"]
|
202
|
+
headers["chef-delivery-token"] = token
|
203
203
|
end
|
204
204
|
else
|
205
|
-
headers = {
|
205
|
+
headers = { "Authorization" => "Bearer #{token}" }
|
206
206
|
end
|
207
207
|
headers
|
208
208
|
end
|
209
209
|
|
210
210
|
def self.get_token(config)
|
211
|
-
return config[
|
212
|
-
_success, _msg, token = get_token_via_refresh_token(config[
|
211
|
+
return config["token"] unless config["refresh_token"]
|
212
|
+
_success, _msg, token = get_token_via_refresh_token(config["server"], config["refresh_token"], config["insecure"])
|
213
213
|
token
|
214
214
|
end
|
215
215
|
|
@@ -227,52 +227,52 @@ module InspecPlugins
|
|
227
227
|
end
|
228
228
|
|
229
229
|
def self.profile_split(profile)
|
230
|
-
owner, id = profile.split(
|
231
|
-
id, version = id.split(
|
230
|
+
owner, id = profile.split("/")
|
231
|
+
id, version = id.split("#")
|
232
232
|
[owner, id, version]
|
233
233
|
end
|
234
234
|
|
235
235
|
# returns a parsed url for `admin/profile` or `compliance://admin/profile`
|
236
236
|
def self.sanitize_profile_name(profile)
|
237
|
-
if URI(profile).scheme ==
|
237
|
+
if URI(profile).scheme == "compliance"
|
238
238
|
uri = URI(profile)
|
239
239
|
else
|
240
240
|
uri = URI("compliance://#{profile}")
|
241
241
|
end
|
242
|
-
uri.to_s.sub(%r{^compliance:\/\/},
|
242
|
+
uri.to_s.sub(%r{^compliance:\/\/}, "")
|
243
243
|
end
|
244
244
|
|
245
245
|
def self.is_compliance_server?(config)
|
246
|
-
config[
|
246
|
+
config["server_type"] == "compliance"
|
247
247
|
end
|
248
248
|
|
249
249
|
def self.is_automate_server_pre_080?(config)
|
250
250
|
# Automate versions before 0.8.x do not have a valid version in the config
|
251
|
-
return false unless config[
|
251
|
+
return false unless config["server_type"] == "automate"
|
252
252
|
server_version_from_config(config).nil?
|
253
253
|
end
|
254
254
|
|
255
255
|
def self.is_automate_server_080_and_later?(config)
|
256
256
|
# Automate versions 0.8.x and later will have a "version" key in the config
|
257
257
|
# that is properly parsed out via server_version_from_config below
|
258
|
-
return false unless config[
|
258
|
+
return false unless config["server_type"] == "automate"
|
259
259
|
!server_version_from_config(config).nil?
|
260
260
|
end
|
261
261
|
|
262
262
|
def self.is_automate2_server?(config)
|
263
|
-
config[
|
263
|
+
config["server_type"] == "automate2"
|
264
264
|
end
|
265
265
|
|
266
266
|
def self.is_automate_server?(config)
|
267
|
-
config[
|
267
|
+
config["server_type"] == "automate"
|
268
268
|
end
|
269
269
|
|
270
270
|
def self.server_version_from_config(config)
|
271
271
|
# Automate versions 0.8.x and later will have a "version" key in the config
|
272
272
|
# that looks like: "version":{"api":"compliance","version":"0.8.24"}
|
273
|
-
return nil unless config.key?(
|
274
|
-
return nil unless config[
|
275
|
-
config[
|
273
|
+
return nil unless config.key?("version")
|
274
|
+
return nil unless config["version"].is_a?(Hash)
|
275
|
+
config["version"]["version"]
|
276
276
|
end
|
277
277
|
|
278
278
|
def self.determine_server_type(url, insecure)
|
@@ -283,18 +283,18 @@ module InspecPlugins
|
|
283
283
|
elsif target_is_compliance_server?(url, insecure)
|
284
284
|
:compliance
|
285
285
|
else
|
286
|
-
Inspec::Log.debug(
|
286
|
+
Inspec::Log.debug("Could not determine server type using known endpoints")
|
287
287
|
nil
|
288
288
|
end
|
289
289
|
end
|
290
290
|
|
291
291
|
def self.target_is_automate2_server?(url, insecure)
|
292
|
-
automate_endpoint =
|
292
|
+
automate_endpoint = "/dex/auth"
|
293
293
|
response = InspecPlugins::Compliance::HTTP.get(url + automate_endpoint, nil, insecure)
|
294
|
-
if response.code ==
|
294
|
+
if response.code == "400"
|
295
295
|
Inspec::Log.debug(
|
296
296
|
"Received 400 from #{url}#{automate_endpoint} - " \
|
297
|
-
|
297
|
+
"assuming target is a #{AUTOMATE_PRODUCT_NAME}2 instance"
|
298
298
|
)
|
299
299
|
true
|
300
300
|
else
|
@@ -303,30 +303,30 @@ module InspecPlugins
|
|
303
303
|
end
|
304
304
|
|
305
305
|
def self.target_is_automate_server?(url, insecure)
|
306
|
-
automate_endpoint =
|
306
|
+
automate_endpoint = "/compliance/version"
|
307
307
|
response = InspecPlugins::Compliance::HTTP.get(url + automate_endpoint, nil, insecure)
|
308
308
|
case response.code
|
309
|
-
when
|
309
|
+
when "401"
|
310
310
|
Inspec::Log.debug(
|
311
311
|
"Received 401 from #{url}#{automate_endpoint} - " \
|
312
|
-
|
312
|
+
"assuming target is a #{AUTOMATE_PRODUCT_NAME} instance"
|
313
313
|
)
|
314
314
|
true
|
315
|
-
when
|
315
|
+
when "200"
|
316
316
|
# Chef Automate currently returns 401 for `/compliance/version` but some
|
317
317
|
# versions of OpsWorks Chef Automate return 200 and a Chef Manage page
|
318
318
|
# when unauthenticated requests are received.
|
319
|
-
if response.body.include?(
|
319
|
+
if response.body.include?("Are You Looking For the #{SERVER_PRODUCT_NAME}?")
|
320
320
|
Inspec::Log.debug(
|
321
321
|
"Received 200 from #{url}#{automate_endpoint} - " \
|
322
|
-
|
322
|
+
"assuming target is an #{AUTOMATE_PRODUCT_NAME} instance"
|
323
323
|
)
|
324
324
|
true
|
325
325
|
else
|
326
326
|
Inspec::Log.debug(
|
327
327
|
"Received 200 from #{url}#{automate_endpoint} " \
|
328
|
-
|
329
|
-
|
328
|
+
"but did not receive the Chef Manage page - " \
|
329
|
+
"assuming target is not a #{AUTOMATE_PRODUCT_NAME} instance"
|
330
330
|
)
|
331
331
|
false
|
332
332
|
end
|
@@ -334,7 +334,7 @@ module InspecPlugins
|
|
334
334
|
Inspec::Log.debug(
|
335
335
|
"Received unexpected status code #{response.code} " \
|
336
336
|
"from #{url}#{automate_endpoint} - " \
|
337
|
-
|
337
|
+
"assuming target is not a #{AUTOMATE_PRODUCT_NAME} instance"
|
338
338
|
)
|
339
339
|
false
|
340
340
|
end
|
@@ -342,14 +342,14 @@ module InspecPlugins
|
|
342
342
|
|
343
343
|
def self.target_is_compliance_server?(url, insecure)
|
344
344
|
# All versions of Chef Compliance return 200 for `/api/version`
|
345
|
-
compliance_endpoint =
|
345
|
+
compliance_endpoint = "/api/version"
|
346
346
|
|
347
347
|
response = InspecPlugins::Compliance::HTTP.get(url + compliance_endpoint, nil, insecure)
|
348
|
-
return false unless response.code ==
|
348
|
+
return false unless response.code == "200"
|
349
349
|
|
350
350
|
Inspec::Log.debug(
|
351
351
|
"Received 200 from #{url}#{compliance_endpoint} - " \
|
352
|
-
|
352
|
+
"assuming target is a #{COMPLIANCE_PRODUCT_NAME} server"
|
353
353
|
)
|
354
354
|
true
|
355
355
|
end
|
@@ -1,19 +1,21 @@
|
|
1
|
-
|
1
|
+
require "inspec/dist"
|
2
2
|
|
3
3
|
module InspecPlugins
|
4
4
|
module Compliance
|
5
5
|
class API
|
6
6
|
module Login
|
7
|
+
include Inspec::Dist
|
8
|
+
|
7
9
|
class CannotDetermineServerType < StandardError; end
|
8
10
|
|
9
11
|
def login(options)
|
10
|
-
raise ArgumentError,
|
12
|
+
raise ArgumentError, "Please specify a server using `#{EXEC_NAME} compliance login https://SERVER`" unless options["server"]
|
11
13
|
|
12
|
-
options[
|
14
|
+
options["server"] = URI("https://#{options['server']}").to_s if URI(options["server"]).scheme.nil?
|
13
15
|
|
14
|
-
options[
|
16
|
+
options["server_type"] = InspecPlugins::Compliance::API.determine_server_type(options["server"], options["insecure"])
|
15
17
|
|
16
|
-
case options[
|
18
|
+
case options["server_type"]
|
17
19
|
when :automate2
|
18
20
|
Login::Automate2Server.login(options)
|
19
21
|
when :automate
|
@@ -21,7 +23,7 @@ module InspecPlugins
|
|
21
23
|
when :compliance
|
22
24
|
Login::ComplianceServer.login(options)
|
23
25
|
else
|
24
|
-
raise CannotDetermineServerType, "Unable to determine if #{options['server']} is a
|
26
|
+
raise CannotDetermineServerType, "Unable to determine if #{options['server']} is a #{AUTOMATE_PRODUCT_NAME} or #{COMPLIANCE_PRODUCT_NAME} server"
|
25
27
|
end
|
26
28
|
end
|
27
29
|
|
@@ -29,8 +31,8 @@ module InspecPlugins
|
|
29
31
|
def self.login(options)
|
30
32
|
verify_thor_options(options)
|
31
33
|
|
32
|
-
options[
|
33
|
-
token = options[
|
34
|
+
options["url"] = options["server"] + "/api/v0"
|
35
|
+
token = options["dctoken"] || options["token"]
|
34
36
|
store_access_token(options, token)
|
35
37
|
end
|
36
38
|
|
@@ -38,16 +40,16 @@ module InspecPlugins
|
|
38
40
|
config = InspecPlugins::Compliance::Configuration.new
|
39
41
|
config.clean
|
40
42
|
|
41
|
-
config[
|
42
|
-
config[
|
43
|
-
config[
|
44
|
-
config[
|
45
|
-
config[
|
46
|
-
config[
|
47
|
-
config[
|
48
|
-
config[
|
49
|
-
config[
|
50
|
-
config[
|
43
|
+
config["automate"] = {}
|
44
|
+
config["automate"]["ent"] = "automate"
|
45
|
+
config["automate"]["token_type"] = "dctoken"
|
46
|
+
config["server"] = options["url"]
|
47
|
+
config["user"] = options["user"]
|
48
|
+
config["owner"] = options["user"]
|
49
|
+
config["insecure"] = options["insecure"] || false
|
50
|
+
config["server_type"] = options["server_type"].to_s
|
51
|
+
config["token"] = token
|
52
|
+
config["version"] = "0"
|
51
53
|
|
52
54
|
config.store
|
53
55
|
config
|
@@ -56,10 +58,10 @@ module InspecPlugins
|
|
56
58
|
def self.verify_thor_options(o)
|
57
59
|
error_msg = []
|
58
60
|
|
59
|
-
error_msg.push(
|
61
|
+
error_msg.push("Please specify a user using `--user='USER'`") if o["user"].nil?
|
60
62
|
|
61
|
-
if o[
|
62
|
-
error_msg.push(
|
63
|
+
if o["token"].nil? && o["dctoken"].nil?
|
64
|
+
error_msg.push("Please specify a token using `--token='APITOKEN'`")
|
63
65
|
end
|
64
66
|
|
65
67
|
raise ArgumentError, error_msg.join("\n") unless error_msg.empty?
|
@@ -70,31 +72,31 @@ module InspecPlugins
|
|
70
72
|
def self.login(options)
|
71
73
|
verify_thor_options(options)
|
72
74
|
|
73
|
-
options[
|
74
|
-
token = options[
|
75
|
+
options["url"] = options["server"] + "/compliance"
|
76
|
+
token = options["dctoken"] || options["token"]
|
75
77
|
store_access_token(options, token)
|
76
78
|
end
|
77
79
|
|
78
80
|
def self.store_access_token(options, token)
|
79
|
-
token_type = if options[
|
80
|
-
|
81
|
+
token_type = if options["token"]
|
82
|
+
"usertoken"
|
81
83
|
else
|
82
|
-
|
84
|
+
"dctoken"
|
83
85
|
end
|
84
86
|
|
85
87
|
config = InspecPlugins::Compliance::Configuration.new
|
86
88
|
|
87
89
|
config.clean
|
88
90
|
|
89
|
-
config[
|
90
|
-
config[
|
91
|
-
config[
|
92
|
-
config[
|
93
|
-
config[
|
94
|
-
config[
|
95
|
-
config[
|
96
|
-
config[
|
97
|
-
config[
|
91
|
+
config["automate"] = {}
|
92
|
+
config["automate"]["ent"] = options["ent"]
|
93
|
+
config["automate"]["token_type"] = token_type
|
94
|
+
config["server"] = options["url"]
|
95
|
+
config["user"] = options["user"]
|
96
|
+
config["insecure"] = options["insecure"] || false
|
97
|
+
config["server_type"] = options["server_type"].to_s
|
98
|
+
config["token"] = token
|
99
|
+
config["version"] = InspecPlugins::Compliance::API.version(config)
|
98
100
|
|
99
101
|
config.store
|
100
102
|
config
|
@@ -104,11 +106,11 @@ module InspecPlugins
|
|
104
106
|
def self.verify_thor_options(o)
|
105
107
|
error_msg = []
|
106
108
|
|
107
|
-
error_msg.push(
|
108
|
-
error_msg.push(
|
109
|
+
error_msg.push("Please specify a user using `--user='USER'`") if o["user"].nil?
|
110
|
+
error_msg.push("Please specify an enterprise using `--ent='automate'`") if o["ent"].nil?
|
109
111
|
|
110
|
-
if o[
|
111
|
-
error_msg.push(
|
112
|
+
if o["token"].nil? && o["dctoken"].nil?
|
113
|
+
error_msg.push("Please specify a token using `--token='AUTOMATE_TOKEN'` or `--dctoken='DATA_COLLECTOR_TOKEN'`")
|
112
114
|
end
|
113
115
|
|
114
116
|
raise ArgumentError, error_msg.join("\n") unless error_msg.empty?
|
@@ -116,26 +118,28 @@ module InspecPlugins
|
|
116
118
|
end
|
117
119
|
|
118
120
|
module ComplianceServer
|
121
|
+
include Inspec::Dist
|
122
|
+
|
119
123
|
def self.login(options)
|
120
124
|
compliance_verify_thor_options(options)
|
121
125
|
|
122
|
-
options[
|
126
|
+
options["url"] = options["server"] + "/api"
|
123
127
|
|
124
|
-
if options[
|
125
|
-
compliance_store_access_token(options, options[
|
126
|
-
elsif options[
|
128
|
+
if options["user"] && options["token"]
|
129
|
+
compliance_store_access_token(options, options["token"])
|
130
|
+
elsif options["user"] && options["password"]
|
127
131
|
compliance_login_user_pass(options)
|
128
|
-
elsif options[
|
132
|
+
elsif options["refresh_token"]
|
129
133
|
compliance_login_refresh_token(options)
|
130
134
|
end
|
131
135
|
end
|
132
136
|
|
133
137
|
def self.compliance_login_user_pass(options)
|
134
138
|
success, msg, token = InspecPlugins::Compliance::API.get_token_via_password(
|
135
|
-
options[
|
136
|
-
options[
|
137
|
-
options[
|
138
|
-
options[
|
139
|
+
options["url"],
|
140
|
+
options["user"],
|
141
|
+
options["password"],
|
142
|
+
options["insecure"]
|
139
143
|
)
|
140
144
|
|
141
145
|
raise msg unless success
|
@@ -144,9 +148,9 @@ module InspecPlugins
|
|
144
148
|
|
145
149
|
def self.compliance_login_refresh_token(options)
|
146
150
|
success, msg, token = InspecPlugins::Compliance::API.get_token_via_refresh_token(
|
147
|
-
options[
|
148
|
-
options[
|
149
|
-
options[
|
151
|
+
options["url"],
|
152
|
+
options["refresh_token"],
|
153
|
+
options["insecure"]
|
150
154
|
)
|
151
155
|
|
152
156
|
raise msg unless success
|
@@ -157,12 +161,12 @@ module InspecPlugins
|
|
157
161
|
config = InspecPlugins::Compliance::Configuration.new
|
158
162
|
config.clean
|
159
163
|
|
160
|
-
config[
|
161
|
-
config[
|
162
|
-
config[
|
163
|
-
config[
|
164
|
-
config[
|
165
|
-
config[
|
164
|
+
config["user"] = options["user"] if options["user"]
|
165
|
+
config["server"] = options["url"]
|
166
|
+
config["insecure"] = options["insecure"] || false
|
167
|
+
config["server_type"] = options["server_type"].to_s
|
168
|
+
config["token"] = token
|
169
|
+
config["version"] = InspecPlugins::Compliance::API.version(config)
|
166
170
|
|
167
171
|
config.store
|
168
172
|
config
|
@@ -173,14 +177,14 @@ module InspecPlugins
|
|
173
177
|
def self.compliance_verify_thor_options(o)
|
174
178
|
error_msg = []
|
175
179
|
|
176
|
-
error_msg.push(
|
180
|
+
error_msg.push("Please specify a server using `#{EXEC_NAME} compliance login https://SERVER`") if o["server"].nil?
|
177
181
|
|
178
|
-
if o[
|
179
|
-
error_msg.push(
|
182
|
+
if o["user"].nil? && o["refresh_token"].nil?
|
183
|
+
error_msg.push("Please specify a `--user='USER'` or a `--refresh-token='TOKEN'`")
|
180
184
|
end
|
181
185
|
|
182
|
-
if o[
|
183
|
-
error_msg.push(
|
186
|
+
if o["user"] && o["password"].nil? && o["token"].nil? && o["refresh_token"].nil?
|
187
|
+
error_msg.push("Please specify either a `--password`, `--token`, or `--refresh-token`")
|
184
188
|
end
|
185
189
|
|
186
190
|
raise ArgumentError, error_msg.join("\n") unless error_msg.empty?
|